Citrix NetScaler, Federated Authentication and Google – Federated Authentication

by David Brett, CTP

We can now move on to Part 4 of this series: how to set up and install Citrix Federated Authentication Services.

Citrix Federated Authentication Services was introduced with XenDesktop 7.9 and has been a long-awaited feature of the stack. It allows you to replace Kerberos Constrained Delegation with certificate-based authentication to your Apps and Desktops. In this setup, we are going to use FAS to authenticate the user to Active Directory using their token from Google.

As I said previously, there are already some good posts out there to describe the setup for certain parts of this configuration and I don’t want to re-invent the wheel just for the sake of it.

With that in mind, Carl Stalhood has written an excellent post on setting up and configuring Citrix Federated Authentication Services. Follow the link below and work through his guide to get FAS up and running in your estate.

http://www.carlstalhood.com/citrix-federated-authentication-service-saml/

NOTE: Don’t perform any of the NetScaler config that he describes as we will be handling that part differently in an upcoming post.

Just complete the following parts

There are a couple of tasks that we have done in addition to Carl’s setup. I will run through these below.

High Availability

One of the things that we have been trying to achieve with the Silverton Project in Lab60 is a build that is as close to production as we can get.

As you can see in the screenshot below, we have built 2 FAS Servers and added them to the same cluster.

In Session Certificates

Make sure you enable In Session Certificates in the group policy part of the deployment.

That’s it for this part.  Thanks to Carl for saving us all a load of time by posting a great article on FAS.

Next we move on to the NetScaler Configuration – where the fun starts to happen!

Thanks,

Dave Brett (@dbretty)
